APT19 is a China-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. Some analysts track APT19 and Deep Panda as the same group, but it is unclear from open source information whether the groups are the same.
Associated Group Descriptions
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1043 | Commonly Used Port |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information |
| Enterprise | T1031 | Modify Existing Service |
| Enterprise | T1027 | Obfuscated Files or Information |
| Enterprise | T1060 | Registry Run Keys / Startup Folder |
| Enterprise | T1071 | Standard Application Layer Protocol |
| Enterprise | T1082 | System Information Discovery |
| Enterprise | T1016 | System Network Configuration Discovery |
| Enterprise | T1033 | System Owner/User Discovery |